首頁 探索 說明
註冊 登入
lqb
/
elasticsearch
镜像来自 https://gitee.com/mirrors/elasticsearch.git
1
0
複刻 0
Files 問題管理 0 Wiki
目錄樹: 86d568ff26
分支列表 標籤列表
elasticsearch
/
docs
/
reference
/
data-streams
/
data-streams.asciidoc

data-streams.asciidoc 6.3 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161 
  1. [role="xpack"]
    2. 

  2. [[data-streams]]
    3. 

  3. = Data streams
    4. 

  4. ++++
    5. 

  5. <titleabbrev>Data streams</titleabbrev>
    6. 

  6. ++++
    7. 

  7. 

  8. A data stream lets you store append-only time series
    9. 

  9. data across multiple indices while giving you a single named resource for
    10. 

  10. requests. Data streams are well-suited for logs, events, metrics, and other
    11. 

  11. continuously generated data.
    12. 

  12. 

  13. You can submit indexing and search requests directly to a data stream. The
    14. 

  14. stream automatically routes the request to backing indices that store the
    15. 

  15. stream's data. You can use <<index-lifecycle-management,{ilm} ({ilm-init})>> to
    16. 

  16. automate the management of these backing indices. For example, you can use
    17. 

  17. {ilm-init} to automatically move older backing indices to less expensive
    18. 

  18. hardware and delete unneeded indices. {ilm-init} can help you reduce costs and
    19. 

  19. overhead as your data grows.
    20. 

  20. 

  21. 

  22. [discrete]
    23. 

  23. [[should-you-use-a-data-stream]]
    24. 

  24. == Should you use a data stream?
    25. 

  25. 

  26. To determine whether you should use a data stream for your data, you should consider the format of
    27. 

  27. the data, and your expected interaction. A good candidate for using a data stream will match the
    28. 

  28. following criteria:
    29. 

  29. 

  30. * Your data contains a timestamp field, or one could be automatically generated.
    31. 

  31. * You mostly perform indexing requests, with occasional updates and deletes.
    32. 

  32. * You index documents without an `_id`, or when indexing documents with an explicit `_id` you expect first-write-wins behavior.
    33. 

  33. 

  34. For most time series data use-cases, a data stream will be a good fit. However, if you find that
    35. 

  35. your data doesn't fit into these categories (for example, if you frequently send multiple documents
    36. 

  36. using the same `_id` expecting last-write-wins), you may want to use an index alias with a write
    37. 

  37. index instead. See documentation for <<manage-time-series-data-without-data-streams,managing time
    38. 

  38. series data without a data stream>> for more information.
    39. 

  39. 

  40. Keep in mind that some features such as <<tsds,Time Series Data Streams (TSDS)>> and
    41. 

  41. <<data-stream-lifecycle,data stream lifecycles>> require a data stream.
    42. 

  42. 

  43. [discrete]
    44. 

  44. [[backing-indices]]
    45. 

  45. == Backing indices
    46. 

  46. 

  47. A data stream consists of one or more <<index-hidden,hidden>>, auto-generated
    48. 

  48. backing indices.
    49. 

  49. 

  50. image::images/data-streams/data-streams-diagram.svg[align="center"]
    51. 

  51. 

  52. A data stream requires a matching <<index-templates,index template>>. The
    53. 

  53. template contains the mappings and settings used to configure the stream's
    54. 

  54. backing indices.
    55. 

  55. 

  56. // tag::timestamp-reqs[]
    57. 

  57. Every document indexed to a data stream must contain a `@timestamp` field,
    58. 

  58. mapped as a <<date,`date`>> or <<date_nanos,`date_nanos`>> field type. If the
    59. 

  59. index template doesn't specify a mapping for the `@timestamp` field, {es} maps
    60. 

  60. `@timestamp` as a `date` field with default options.
    61. 

  61. // end::timestamp-reqs[]
    62. 

  62. 

  63. The same index template can be used for multiple data streams. You cannot
    64. 

  64. delete an index template in use by a data stream.
    65. 

  65. 

  66. The name pattern for the backing indices is an implementation detail and no
    67. 

  67. intelligence should be derived from it. The only invariant the holds is that
    68. 

  68. each data stream generation index will have a unique name.
    69. 

  69. 

  70. [discrete]
    71. 

  71. [[data-stream-read-requests]]
    72. 

  72. == Read requests
    73. 

  73. 

  74. When you submit a read request to a data stream, the stream routes the request
    75. 

  75. to all its backing indices.
    76. 

  76. 

  77. image::images/data-streams/data-streams-search-request.svg[align="center"]
    78. 

  78. 

  79. [discrete]
    80. 

  80. [[data-stream-write-index]]
    81. 

  81. == Write index
    82. 

  82. 

  83. The most recently created backing index is the data stream’s write index.
    84. 

  84. The stream adds new documents to this index only.
    85. 

  85. 

  86. image::images/data-streams/data-streams-index-request.svg[align="center"]
    87. 

  87. 

  88. You cannot add new documents to other backing indices, even by sending requests
    89. 

  89. directly to the index.
    90. 

  90. 

  91. You also cannot perform operations on a write index that may hinder indexing,
    92. 

  92. such as:
    93. 

  93. 

  94. * <<indices-clone-index,Clone>>
    95. 

  95. * <<indices-delete-index,Delete>>
    96. 

  96. * <<indices-shrink-index,Shrink>>
    97. 

  97. * <<indices-split-index,Split>>
    98. 

  98. 

  99. [discrete]
    100. 

  100. [[data-streams-rollover]]
    101. 

  101. == Rollover
    102. 

  102. 

  103. A <<indices-rollover-index,rollover>> creates a new backing index that becomes
    104. 

  104. the stream's new write index.
    105. 

  105. 

  106. We recommend using <<index-lifecycle-management,{ilm-init}>> to automatically
    107. 

  107. roll over data streams when the write index reaches a specified age or size.
    108. 

  108. If needed, you can also <<manually-roll-over-a-data-stream,manually roll over>>
    109. 

  109. a data stream.
    110. 

  110. 

  111. [discrete]
    112. 

  112. [[data-streams-generation]]
    113. 

  113. == Generation
    114. 

  114. 

  115. Each data stream tracks its generation: a six-digit, zero-padded integer starting at `000001`.
    116. 

  116. 

  117. When a backing index is created, the index is named using the following
    118. 

  118. convention:
    119. 

  119. 

  120. [source,text]
    121. 

  121. ----
    122. 

  122. .ds-<data-stream>-<yyyy.MM.dd>-<generation>
    123. 

  123. ----
    124. 

  124. 

  125. `<yyyy.MM.dd>` is the backing index's creation date. Backing indices with a
    126. 

  126. higher generation contain more recent data. For example, the `web-server-logs`
    127. 

  127. data stream has a generation of `34`. The stream's most recent backing index,
    128. 

  128. created on 7 March 2099, is named `.ds-web-server-logs-2099.03.07-000034`.
    129. 

  129. 

  130. Some operations, such as a <<indices-shrink-index,shrink>> or
    131. 

  131. <<snapshots-restore-snapshot,restore>>, can change a backing index's name.
    132. 

  132. These name changes do not remove a backing index from its data stream.
    133. 

  133. 

  134. The generation of the data stream can change without a new index being added to
    135. 

  135. the data stream (e.g. when an existing backing index is shrunk). This means the
    136. 

  136. backing indices for some generations will never exist.
    137. 

  137. You should not derive any intelligence from the backing indices names.
    138. 

  138. 

  139. [discrete]
    140. 

  140. [[data-streams-append-only]]
    141. 

  141. == Append-only (mostly)
    142. 

  142. 

  143. Data streams are designed for use cases where existing data is rarely updated. You cannot send
    144. 

  144. update or deletion requests for existing documents directly to a data stream. However, you can still
    145. 

  145. <<update-delete-docs-in-a-backing-index,update or delete documents>> in a data stream by submitting
    146. 

  146. requests directly to the document's backing index.
    147. 

  147. 

  148. If you need to update a larger number of documents in a data stream, you can use the
    149. 

  149. <<update-docs-in-a-data-stream-by-query,update by query>> and
    150. 

  150. <<delete-docs-in-a-data-stream-by-query,delete by query>> APIs.
    151. 

  151. 

  152. TIP: If you frequently send multiple documents using the same `_id` expecting last-write-wins, you
    153. 

  153. may want to use an index alias with a write index instead. See
    154. 

  154. <<manage-time-series-data-without-data-streams>>.
    155. 

  155. 

  156. include::set-up-a-data-stream.asciidoc[]
    157. 

  157. include::use-a-data-stream.asciidoc[]
    158. 

  158. include::change-mappings-and-settings.asciidoc[]
    159. 

  159. include::tsds.asciidoc[]
    160. 

  160. include::logs.asciidoc[]
    161. 

  161. include::lifecycle/index.asciidoc[]
    162.